Apple is having a Benghazi moment. Months before perverts worldwide celebrated the leak of nude pics of numerous noted celebrities, Apple was told that such a thing could happen —by the same security researcher who exposed security flaws in Apple's Developer Center last year.
The Daily Dot has the scoop that Apple was told iCloud had specific security problems as early as March 2014.
And just like last year, when Ibrahim Balic had to take his findings to social media in order to compel Apple into taking action, the Cupertino tech giant appears to have sat on its hands.
Balic told Apple on March 26 that he'd figured out a way to get around defenses designed to stop "brute-force" attacks, where a hacker tries to crack a password by simply trying every password combination there is. These attacks usually fail because log-ins are disabled after a few tries, but, as Balic told Apple, he found a way to try "over 20,000 passwords on any account."
Balic emailed Apple directly to tell them the news and also via Apple's online platform for reporting bugs, all to no avail. According to e-mails shared with the Dot, one Apple product security staffer was not satisfied that the brute-force attack would work and asked Balic for other methods to access accounts "in a reasonably short amount of time."
"They kept asking me to show them more stuff," Balic told the Dot.
It's important to note that the flaw Balic found is not necessarily the one used to find Kate Upton and Justin Verlander in their intimate moments. For that matter, it's still not entirely certain how Celebgate, which the crass among us call "The Fappening," went down.
Initial reports on The Next Web suggested that a malicious line of script uploaded to GitHub allowed hackers to access iCloud accounts, but after fixing that breach, Apple denied that it was the hole exploited by the celebrity nude-hunters.
Meanwhile, another batch of pictures stolen from Jennifer Lawrence, Rihanna, and others hit the Internet over the weekend. Celebgate may not be over — and the leak that helped it happen may not be fixed, either.
Apple declined to comment on Balic's findings, The Daily Dot reported.